Vulnerability Report

CVE-2011-0064

Title: Mozilla Firefox RCE

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2011-0064.

CWE Category NVD-CWE-noinfo

Published Date Mar 07, 2011

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 6.8 CVSS v2.0

Exploit Probability (EPSS)

3.09%

Vulnerability Summary

CVE-2011-0064: The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

Impacted Vendors

mozilla 1

pango 1

gnome 1

Reference Links

http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43559 http://secunia.com/advisories/43572 http://secunia.com/advisories/43578 http://secunia.com/advisories/43800 http://securitytracker.com/id?1025145 http://www.debian.org/security/2011/dsa-2178 http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 http://www.redhat.com/support/errata/RHSA-2011-0309.html http://www.securityfocus.com/bid/46632 http://www.ubuntu.com/usn/USN-1082-1 http://www.vupen.com/english/advisories/2011/0543 http://www.vupen.com/english/advisories/2011/0555 http://www.vupen.com/english/advisories/2011/0558 http://www.vupen.com/english/advisories/2011/0584 http://www.vupen.com/english/advisories/2011/0683 https://bugzilla.mozilla.org/show_bug.cgi?id=606997 https://bugzilla.novell.com/show_bug.cgi?id=672502 https://bugzilla.redhat.com/show_bug.cgi?id=678563 https://build.opensuse.org/request/show/63070 https://exchange.xforce.ibmcloud.com/vulnerabilities/65770 http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43559 http://secunia.com/advisories/43572 http://secunia.com/advisories/43578 http://secunia.com/advisories/43800 http://securitytracker.com/id?1025145 http://www.debian.org/security/2011/dsa-2178 http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 http://www.redhat.com/support/errata/RHSA-2011-0309.html http://www.securityfocus.com/bid/46632 http://www.ubuntu.com/usn/USN-1082-1 http://www.vupen.com/english/advisories/2011/0543 http://www.vupen.com/english/advisories/2011/0555 http://www.vupen.com/english/advisories/2011/0558 http://www.vupen.com/english/advisories/2011/0584 http://www.vupen.com/english/advisories/2011/0683 https://bugzilla.mozilla.org/show_bug.cgi?id=606997 https://bugzilla.novell.com/show_bug.cgi?id=672502 https://bugzilla.redhat.com/show_bug.cgi?id=678563 https://build.opensuse.org/request/show/63070 https://exchange.xforce.ibmcloud.com/vulnerabilities/65770

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

6.8

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2011-0064 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

March 07, 2011 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.